Honeypots mailing list archives

Re: LKM - Sebek


From: Edward Balas <ebalas () iu edu>
Date: Wed, 18 Dec 2002 11:36:33 -0500 (EST)

On Wed, 18 Dec 2002, Mike lim wrote:


Has anybody had success running this adore-modified key logger?

Yes.  Sorry for the lack of suitable HOWTO etc.

This is a common error when the kernel source you compile
to does not match the kernel you are trying to use the
module with.

If I recall sebek isn't so happy on RH6.2

I managed to compile the kernel modules successfully in Redhat 6.2.

However, the client when run (./sebek.sh start) produced the following:
-----------------------------------------------------------------
rmmod: module cleaner is not loaded
Couldn't authorize myself. Trying anyway ...
Potential sebek config/version mismatch...
File '/tmp/sebek/adore.o' hided.
Couldn't authorize myself. Trying anyway ...
Potential sebek config/version mismatch...
File '/tmp/sebek/cleaner.o' hided.
Couldn't authorize myself. Trying anyway ...
Potential sebek config/version mismatch...
File '/tmp/sebek/sdm' hided.
Couldn't authorize myself. Trying anyway ...
Potential sebek config/version mismatch...
File '/tmp/sebek/ava' hided.
Couldn't authorize myself. Trying anyway ...
Potential sebek config/version mismatch...
File '/tmp/sebek/sebek.sh' hided.
Couldn't authorize myself. Trying anyway ...
Potential sebek config/version mismatch...
File '/tmp/sebek' hided.
Couldn't authorize myself. Trying anyway ...
Potential sebek config/version mismatch...
File '/dev/sebek' hided.
Couldn't authorize myself. Trying anyway ...
Potential sebek config/version mismatch...
Can't hide process.
Couldn't authorize myself. Trying anyway ...
Potential sebek config/version mismatch...
File './sebek.sh' hided.
------------------------------------------------------------------
The error apparently comes from adore (ava) as the following commands produced the following:

./ava h LICENSE
Couldn't authorize myself. Trying anyway ...
Potential sebek config/version mismatch...
File 'LICENSE' hided.

In addition, the File 'LICENSE' hided is not hidden.



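The source/kernel mismatch named in the reply above can be checked before building the module. This is an added example, not part of the original message or of Sebek: a shell check of the release strings in a kernel source tree's include/linux/version.h against a kernel release. It assumes a 2.2/2.4-era tree where UTS_RELEASE is defined in that header; the function names and the sample header are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): verify that a kernel source tree was
# configured for a given kernel release before building a module against it.

# Print every UTS_RELEASE string defined in a 2.2/2.4-era version.h.
# A header may define several, one per kernel flavour, under #if blocks.
header_releases() {
    sed -n 's/^[[:space:]]*#[[:space:]]*define[[:space:]]\{1,\}UTS_RELEASE[[:space:]]\{1,\}"\([^"]*\)".*/\1/p' "$1"
}

# Return 0 if release $2 is defined in header $1, 1 if the header only
# defines other releases, 2 if the header is unreadable or defines none.
check_kernel_match() {
    hdr=$1
    running=$2
    [ -r "$hdr" ] || { echo "cannot read $hdr" >&2; return 2; }
    found=$(header_releases "$hdr")
    [ -n "$found" ] || { echo "no UTS_RELEASE in $hdr" >&2; return 2; }
    if printf '%s\n' "$found" | grep -Fqx -- "$running"; then
        echo "match: $hdr defines $running"
        return 0
    fi
    # Unquoted $found joins the releases onto one line for the message.
    echo "MISMATCH: running $running, source configured for: $(echo $found)" >&2
    return 1
}

# Constructed sample header (illustrative values, not taken from the thread).
make_sample_header() {
    cat > "$1" <<'EOF'
#if defined(__module__smp)
#define UTS_RELEASE "2.2.14-5.0smp"
#else
#define UTS_RELEASE "2.2.14-5.0"
#endif
#define LINUX_VERSION_CODE 131598
EOF
}

# Demo on the constructed header. On a real host, pass the tree's
# include/linux/version.h and "$(uname -r)" instead.
demo=${TMPDIR:-/tmp}/version.h.$$
make_sample_header "$demo"
check_kernel_match "$demo" "2.2.14-5.0smp"   # release present in the header
check_kernel_match "$demo" "2.4.18-3"        # release absent: mismatch
rm -f "$demo"
```

A return code of 1 means the module would be built against a tree configured for a different kernel than the one it will be loaded into.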

